Sensitive files of children were accessible to external parties due to an error at the Jeugdriagg care institution, according to an investigation by RTL News. The files contain personal data and very sensitive information about the private situation of young children. It cannot yet be ruled out whether the information has been viewed by third parties.
Login details insurance database also leaked
The data breach arose when Jeugdriagg changed its name to Kenter Jeugdhulp in 2015. The domain name Jeugdriagg.nl was not properly closed at the time, so it could be taken over by someone else. RTL News discovered this and took over the domain name, after which the editors gained insight into the files.
Bert Deitmers, director of Kenter Jeughulp, tells Press in a statement that an independent investigation is being conducted into the leak. It is also investigated whether someone else has had access to the data. In addition, Kenter Jeugdhulp reported the leak to the Dutch Data Protection Authority (AP).
Deitmers says that the domain name is now back in the hands of Kenter Jeugdhulp and that external parties can no longer access the files.
Not only were the files of children who were helped by Jeugdriagg accessible to RTL, a database containing information about all insured persons in the Netherlands was also accessible.
Jeugdriagg employees sent login details and unencrypted passwords via e-mail, so RTL News could log in to the database. This allowed them to view names, social security numbers and other personal information. With this kind of information criminals can easily commit identity fraud.
According to Deitmers, sending passwords and login details in this way is against the policy of Kenter Jeugdhulp. Those responsible within the organization will pay extra attention to this in the coming period, so that this cannot happen again.
Kenter Jeugdhulp has set up a special number that parents can call with questions about the data breach.